class FakeIdp::Encryptor

Constants

ENCRYPTION_STRATEGY
KEY_TRANSPORT

Attributes

certificate[R]
encryption_key[R]
raw_xml[R]

Public Class Methods

new(raw_xml, certificate) click to toggle source
# File lib/fake_idp/encryptor.rb, line 11
def initialize(raw_xml, certificate)
  @raw_xml = raw_xml
  @certificate = certificate
end

Public Instance Methods

encrypt() click to toggle source

Encryption approach borrowed from github.com/saml-idp/saml_idp/blob/master/lib/saml_idp/encryptor.rb

# File lib/fake_idp/encryptor.rb, line 18
def encrypt
  encryption_template = Nokogiri::XML::Document.parse(build_encryption_template).root
  encrypted_data = Xmlenc::EncryptedData.new(encryption_template)
  @encryption_key = encrypted_data.encrypt(raw_xml)
  encrypted_key_node = encrypted_data.node.at_xpath(
    "//xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey",
    Xmlenc::NAMESPACES,
  )
  encrypted_key = Xmlenc::EncryptedKey.new(encrypted_key_node)
  encrypted_key.encrypt(openssl_cert.public_key, encryption_key)

  xml = Builder::XmlMarkup.new
  xml.EncryptedAssertion(xmlns: "urn:oasis:names:tc:SAML:2.0:assertion") do |enc_assert|
    enc_assert << encrypted_data.node.to_s
  end
end

Private Instance Methods

build_encryption_template() click to toggle source
# File lib/fake_idp/encryptor.rb, line 53
def build_encryption_template
  xml = Builder::XmlMarkup.new
  xml.EncryptedData(
    Id: "ED",
    Type: "http://www.w3.org/2001/04/xmlenc#Element",
    xmlns: "http://www.w3.org/2001/04/xmlenc#",
  ) do |enc_data|
    enc_data.EncryptionMethod(Algorithm: encryption_strategy_ns)
    enc_data.tag!("ds:KeyInfo", "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#") do |key_info|
      key_info.EncryptedKey(Id: "EK", xmlns: "http://www.w3.org/2001/04/xmlenc#") do |enc_key|
        enc_key.EncryptionMethod(Algorithm: key_transport_ns)
        enc_key.tag!("ds:KeyInfo", "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#") do |key_info_child|
          key_info_child.tag!("ds:KeyName")
          key_info_child.tag!("ds:X509Data") do |x509_data|
            x509_data.tag!("ds:X509Certificate") do |x509_cert|
              x509_cert << certificate.to_s.gsub(/-+(BEGIN|END) CERTIFICATE-+/, "")
            end
          end
        end

        enc_key.CipherData(&:CipherValue)
        enc_key.ReferenceList { |ref_list| ref_list.DataReference(URI: "#ED") }
      end
    end

    enc_data.CipherData(&:CipherValue)
  end
end
encrypted_data_namespace() click to toggle source
# File lib/fake_idp/encryptor.rb, line 82
def encrypted_data_namespace
  {
    Id: "ED",
    Type: "http://www.w3.org/2001/04/xmlenc#Element",
    xmlns: "http://www.w3.org/2001/04/xmlenc#",
  }
end
encryption_strategy_ns() click to toggle source
# File lib/fake_idp/encryptor.rb, line 45
def encryption_strategy_ns
  "http://www.w3.org/2001/04/xmlenc##{ENCRYPTION_STRATEGY}"
end
key_transport_ns() click to toggle source
# File lib/fake_idp/encryptor.rb, line 49
def key_transport_ns
  "http://www.w3.org/2001/04/xmlenc##{KEY_TRANSPORT}"
end
openssl_cert() click to toggle source
# File lib/fake_idp/encryptor.rb, line 37
def openssl_cert
  @_openssl_cert ||= if certificate.is_a?(String)
                       OpenSSL::X509::Certificate.new(certificate)
                     else
                       certificate
                     end
end